Inline SQL queries where possible to avoid WPCS errors

sheabunge · sheabunge · commit 8d68000c000c · 2022-05-06T11:13:58.000+10:00
diff --git a/php/class-list-table.php b/php/class-list-table.php
@@ -835,12 +835,13 @@ private function fetch_shared_network_snippets() {
 		} else {
 
 			$active_shared_snippets = get_option( 'active_shared_network_snippets', array() );
+			$active_shared_snippet_format = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
 
-			$sql = sprintf( "SELECT * FROM {$db->ms_table} WHERE id IN (%s)",
-				implode( ',', array_fill( 0, count( $ids ), '%d' ) )
-			);
-
-			$shared_snippets = $wpdb->get_results( $wpdb->prepare( $sql, $ids ), ARRAY_A );
+			$shared_snippets = $wpdb->get_results( $wpdb->prepare( "
+				SELECT * FROM $db->ms_table
+				WHERE id IN ($active_shared_snippet_format)",
+				$ids
+			), ARRAY_A );
 
 			foreach ( $shared_snippets as $index => $snippet ) {
 				$snippet = new Code_Snippet( $snippet );
@@ -1031,7 +1032,7 @@ private function usort_reorder_callback( $a, $b ) {
 
 		// sort ascending by default
 		$order = isset( $_REQUEST['order'] ) ? strtolower( sanitize_key( $_REQUEST['order'] ) ) : '';
-		if ( $order !== 'asc' && $order !== 'desc' ) {
+		if ( 'asc' !== $order && 'desc' !== $order ) {
 			$order = apply_filters( 'code_snippets/list_table/default_order', 'asc' );
 		}
 
diff --git a/php/class-upgrade.php b/php/class-upgrade.php
@@ -150,9 +150,9 @@ private function migrate_scope_data( $table_name ) {
 		);
 
 		foreach ( $scopes as $scope_number => $scope_name ) {
-			$wpdb->query( sprintf(
-				"UPDATE %s SET scope = '%s' WHERE scope = %d",
-				$table_name, $scope_name, $scope_number
+			$wpdb->query( $wpdb->prepare(
+				"UPDATE $table_name SET scope = %s WHERE scope = %d",
+				$scope_name, $scope_number
 			) );
 		}
 	}
diff --git a/php/import-export.php b/php/import-export.php
@@ -61,15 +61,15 @@ function _code_snippets_save_imported_snippets( $snippets, $multisite = null, $d
 /**f
  * Imports snippets from a JSON file
  *
- * @since 2.9.7
- *
- * @uses  save_snippet() to add the snippets to the database
- *
  * @param string    $file       The path to the file to import
  * @param bool|null $multisite  Import into network-wide table or site-wide table?
  * @param string    $dup_action Action to take if duplicate snippets are detected. Can be 'skip', 'ignore', or 'replace'
  *
  * @return array|bool An array of imported snippet IDs on success, false on failure
+ * @since 2.9.7
+ *
+ * @uses  save_snippet() to add the snippets to the database
+ *
  */
 function import_snippets_json( $file, $multisite = null, $dup_action = 'ignore' ) {
 
@@ -97,15 +97,15 @@ function import_snippets_json( $file, $multisite = null, $dup_action = 'ignore'
 /**
  * Imports snippets from an XML file
  *
- * @since 2.0
- *
- * @uses  save_snippet() to add the snippets to the database
- *
  * @param string    $file       The path to the file to import
  * @param bool|null $multisite  Import into network-wide table or site-wide table?
  * @param string    $dup_action Action to take if duplicate snippets are detected. Can be 'skip', 'ignore', or 'replace'
  *
  * @return array|bool An array of imported snippet IDs on success, false on failure
+ * @since 2.0
+ *
+ * @uses  save_snippet() to add the snippets to the database
+ *
  */
 function import_snippets_xml( $file, $multisite = null, $dup_action = 'ignore' ) {
 
@@ -172,19 +172,11 @@ function code_snippets_prepare_export( $format, $ids, $table_name = '', $mime_ty
 	global $wpdb;
 
 	/* Fetch the snippets from the database */
-	if ( '' === $table_name ) {
-		$table_name = code_snippets()->db->get_table_name();
-	}
-
 	if ( count( $ids ) ) {
+		$table_name = '' === $table_name ? code_snippets()->db->get_table_name() : $table_name;
 
-		$sql = sprintf(
-			'SELECT * FROM %s WHERE id IN (%s)', $table_name,
-			implode( ',', array_fill( 0, count( $ids ), '%d' ) )
-		);
-
-		$snippets = $wpdb->get_results( $wpdb->prepare( $sql, $ids ), ARRAY_A );
-
+		$sql_in_format = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
+		$snippets = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE id IN ($sql_in_format)", $ids ), ARRAY_A );
 	} else {
 		$snippets = array();
 	}
diff --git a/php/snippet-ops.php b/php/snippet-ops.php
@@ -71,7 +71,7 @@ function get_snippets( array $ids = array(), $multisite = null, array $args = ar
 
 	/* Build a query containing the specified IDs if there are any */
 	if ( $ids_count > 1 ) {
-		$sql       .= sprintf( ' AND id IN (%s)', implode( ',', array_fill( 0, $ids_count, '%d' ) ) );
+		$sql .= sprintf( ' AND id IN (%s)', implode( ',', array_fill( 0, $ids_count, '%d' ) ) );
 		$sql_params = array_merge( $sql_params, array_values( $ids ) );
 	}
 
@@ -260,8 +260,7 @@ function activate_snippets( array $ids, $multisite = null ) {
 
 	/* Build a SQL query containing all the provided snippet IDs */
 	$ids_format = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
-	$sql = sprintf( 'SELECT id, code FROM %s WHERE id IN (%s);', $table, $ids_format );
-	$rows = $wpdb->get_results( $wpdb->prepare( $sql, $ids ) );
+	$rows = $wpdb->get_results( $wpdb->prepare( "SELECT id, code FROM $table WHERE id IN ($ids_format)", $ids ) );
 
 	if ( ! $rows ) {
 		return array();
@@ -286,8 +285,7 @@ function activate_snippets( array $ids, $multisite = null ) {
 
 	/* Build a SQL query containing all the valid snippet IDs and activate the valid snippets */
 	$ids_format = implode( ',', array_fill( 0, count( $valid_ids ), '%d' ) );
-	$sql = sprintf( 'UPDATE %s SET active = 1 WHERE id IN (%s);', $table, $ids_format );
-	$wpdb->query( $wpdb->prepare( $sql, $valid_ids ) );
+	$wpdb->query( $wpdb->prepare( "UPDATE $table SET active = 1 WHERE id IN ($ids_format)", $valid_ids ) );
 
 	/* Remove snippet from shared network snippet list if it was Network Activated */
 	if ( $table === $db->ms_table && $shared_network_snippets = get_site_option( 'shared_network_snippets', false ) ) {
@@ -495,14 +493,17 @@ function execute_active_snippets() {
 	$db = code_snippets()->db;
 
 	$current_scope = is_admin() ? 'admin' : 'front-end';
-	$queries = array();
-
-	$sql_format = "SELECT id, code, scope FROM %s WHERE scope IN ('global', 'single-use', %%s) ";
-	$order = 'ORDER BY priority ASC, id ASC';
+	$results = array();
 
 	/* Fetch snippets from site table */
 	if ( $wpdb->get_var( "SHOW TABLES LIKE '$db->table'" ) === $db->table ) {
-		$queries[ $db->table ] = $wpdb->prepare( sprintf( $sql_format, $db->table ) . 'AND active=1 ' . $order, $current_scope );
+		$results[ $db->table ] = $wpdb->get_results( $wpdb->prepare( "
+			SELECT id, code, scope
+			FROM $db->table WHERE scope IN ('global', 'single-use', %s)
+			AND active = 1
+			ORDER BY priority, id",
+			$current_scope
+		), ARRAY_A );
 	}
 
 	/* Fetch snippets from the network table */
@@ -515,23 +516,31 @@ function execute_active_snippets() {
 			/* Build a list of "%d, %d, %d ..." for every active network shared snippet we have */
 			$active_shared_ids_format = implode( ',', array_fill( 0, count( $active_shared_ids ), '%d' ) );
 
-			/* Include them in the query */
-			$sql = sprintf( $sql_format, $db->ms_table ) . " AND (active=1 OR id IN ($active_shared_ids_format)) $order";
-
 			/* Add the scope number to the IDs array, so that it is the first variable in the query */
 			array_unshift( $active_shared_ids, $current_scope );
-			$queries[ $db->ms_table ] = $wpdb->prepare( $sql, $active_shared_ids );
+
+			$results[ $db->ms_table ] = $wpdb->get_results( $wpdb->prepare( "
+				SELECT id, code, scope
+				FROM $db->ms_table WHERE scope IN ('global', 'single-use', %s)
+				AND (active = 1 OR id IN ($active_shared_ids_format))
+				ORDER BY priority, id",
+				$active_shared_ids
+			), ARRAY_A );
+
 			array_shift( $active_shared_ids ); // remove it afterwards as we need this variable later
 
 		} else {
-			$sql = sprintf( $sql_format, $db->ms_table ) . 'AND active=1 ' . $order;
-			$queries[ $db->ms_table ] = $wpdb->prepare( $sql, $current_scope );
+			$results[ $db->ms_table ] = $wpdb->get_results( $wpdb->prepare( "
+				SELECT id, code, scope
+				FROM $db->ms_table WHERE scope IN ('global', 'single-use', %s)
+				AND active = 1
+				ORDER BY priority, id",
+				$current_scope
+			), ARRAY_A );
 		}
 	}
 
-	foreach ( $queries as $table_name => $query ) {
-		$active_snippets = $wpdb->get_results( $query, 'ARRAY_A' );
-
+	foreach ( $results as $table_name => $active_snippets ) {
 		if ( ! is_array( $active_snippets ) ) {
 			continue;
 		}
diff --git a/php/views/edit.php b/php/views/edit.php
@@ -95,9 +95,7 @@ class="<?php echo implode( ' ', $classes ); ?>">
 
 		<div class="snippet-editor">
 			<textarea id="snippet_code" name="snippet_code" rows="200" spellcheck="false"
-			          style="font-family: monospace; width: 100%;"><?php
-				echo esc_textarea( $snippet->code );
-				?></textarea>
+			          style="font-family: monospace; width: 100%;"><?php echo esc_textarea( $snippet->code ); ?></textarea>
 
 			<div class="snippet-editor-help">
 
@@ -126,15 +124,15 @@ class="<?php echo implode( ' ', $classes ); ?>">
 						<tr>
 							<td><?php esc_html_e( 'Save changes', 'code-snippets' ); ?></td>
 							<td>
-								<kbd class="pc-key"><?php echo esc_html( $keys['Ctrl'] ); ?></kbd><kbd class="mac-key"><?php
-									echo esc_html( $keys['Cmd'] ); ?></kbd>&hyphen;<kbd><?php echo esc_html( $keys['S'] ); ?></kbd>
+								<kbd class="pc-key"><?php echo esc_html( $keys['Ctrl'] ); ?></kbd><kbd
+										class="mac-key"><?php echo esc_html( $keys['Cmd'] ); ?></kbd>&hyphen;<kbd><?php echo esc_html( $keys['S'] ); ?></kbd>
 							</td>
 						</tr>
 						<tr>
 							<td><?php esc_html_e( 'Begin searching', 'code-snippets' ); ?></td>
 							<td>
-								<kbd class="pc-key"><?php echo esc_html( $keys['Ctrl'] ); ?></kbd><kbd class="mac-key"><?php
-									echo esc_html( $keys['Cmd'] ); ?></kbd>&hyphen;<kbd><?php echo esc_html( $keys['F'] ); ?></kbd>
+								<kbd class="pc-key"><?php echo esc_html( $keys['Ctrl'] ); ?></kbd><kbd
+										class="mac-key"><?php echo esc_html( $keys['Cmd'] ); ?></kbd>&hyphen;<kbd><?php echo esc_html( $keys['F'] ); ?></kbd>
 							</td>
 						</tr>
 						<tr>
diff --git a/phpcs.xml b/phpcs.xml
@@ -37,16 +37,15 @@
 		<exclude name="PEAR.Functions.FunctionCallSignature.ContentAfterOpenBracket" />
 
 		<!-- database table names should be interpolated -->
-		<exclude name="WordPress.WP.PreparedSQL.NotPrepared" />
+		<exclude name="WordPress.DB.PreparedSQL.InterpolatedNotPrepared" />
+
+		<!-- codesniffer does not seem to understand more complex queries -->
+		<exclude name="WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare" />
+		<exclude name="WordPress.DB.PreparedSQL.NotPrepared" />
 
 		<!-- class filenames do not include the namespace prefix -->
 		<exclude name="WordPress.Files.FileName.InvalidClassFileName" />
 
-		<!-- this picks up a lot of false positives -->
-		<exclude name="WordPress.DB.PreparedSQL.NotPrepared" />
-		<exclude name="WordPress.DB.PreparedSQL.InterpolatedNotPrepared" />
-		<exclude name="WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare" />
-
 		<!-- this disallows assignment inside conditional statements -->
 		<exclude name="Squiz.PHP.DisallowMultipleAssignments.Found" />
 

Original file line number	Diff line number	Diff line change
`@@ -150,9 +150,9 @@ private function migrate_scope_data( $table_name ) {`
`150`	`150`	`);`
`151`	`151`
`152`	`152`	`foreach ( $scopes as $scope_number => $scope_name ) {`
`153`		`- $wpdb->query( sprintf(`
`154`		`- "UPDATE %s SET scope = '%s' WHERE scope = %d",`
`155`		`- $table_name, $scope_name, $scope_number`
	`153`	`+ $wpdb->query( $wpdb->prepare(`
	`154`	`+ "UPDATE $table_name SET scope = %s WHERE scope = %d",`
	`155`	`+ $scope_name, $scope_number`
`156`	`156`	`) );`
`157`	`157`	`}`
`158`	`158`	`}`